In my Filemaker solution, I have 2 types of users. Students and Teachers. I have made a login script that checks a users table for the username and password. The plan was to record in the users table, an admin approved name for a privilege set: Students get "Read only access" and Teachers get "Data Entry Access"

My questions are:

In order for a user to login as a "Student", Should I

1. Manually create a filemaker account called "Student" with [Read-only-Access] and then using the script step "Re-login" using the account "Student" ?

OR

2. If the username and password matches, create an account using the script step "Add Account" using the username and password and assign a predefined privilege set - "Student" with [Read-only-Access].

Correct me If I am wrong, For me it seems if I follow option 2, I can implement a log-out script by using the "Delete Account" script step and going to a "Logged out" layout.

If Step 2 is the way to go, whats the purpose of a "Re-Login" script step. And how does one implement a log-out after Login in with a "Re-Login" script step?

Got it figured with some trial and error.

Mods may save space by deleting the original post.

Cheers

You may want to rethink this entire process. It is insecure and hackers may be able to manipulate it easily.

Steven

Thank for the help really.

The suggestion would have been useful for us "non-experts in filemaker" if you could explain the "insecurity" in the process.

So.. does it mean that restricting access with filemaker privileges is not good enough to deter hackers ? A similar database solution made in MS-SQL in the university has the admin able to upgrade or downgrade user privileges this way. Why would a similar process in filemaker be insecure?

Luckily, My humble solution runs on our local computer and is used to log in students into a CBT solution so we can track their performance during the session. Do you mean that if we ever commercialize the solution, we have to hacker proof it on say MS-SQL or Oracle?

Cheers

If you have stored a password in a file as a data element, very likely it can be extracted. Take a look at this article:

http://www.fmpug.com/resources/security_schema_changes_filemaker_11

for some suggestions on really locking down and protecting your file.

As a general rule, the closer you stick to the basic FileMaker security schema, the better off you will be. When you start trying to modify or alter that, you begin rapidly to open vulnerabilities.

Steven

The link is not working. Fatal error ! Uncaught exception! :hmm:

It worked for me?

It worked for me?

Not sure how that will help me if it worked for you?

Anyway, here is screen capture of the error it shows upon submitting the form to proceed to download.

Tested on Firefox 14, Chrome. Chrome just reloads the page, firefox shows the error. :hmm:

I get the error as well. Is FMPug sign-in required?